Security: Establish Bug Bounty Program & SECURITY.md

[AlAfiz]

Description

White-hat hackers need a safe, formal way to report vulnerabilities without dropping 0-days in the public GitHub issues.

Acceptance Criteria

• Create a SECURITY.md file in the root of the monorepo.
• Define the exact scope of the bug bounty (e.g., Soroban Contracts: In Scope, Next.js UI bugs: Out of Scope for payout).
• Provide a secure contact method (e.g., a PGP key and security@yourdomain.com).
• Define the SLA (Service Level Agreement) for how quickly the team will respond to reports.

Technical Details

• Mention explicitly that any public disclosure before the team patches the vulnerability automatically voids the bounty.

[udoyechinenyevictoria]

@udoyechinenyevictoria has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hello please i would like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @udoyechinenyevictoria to this issue.

[wolfyres]

@wolfyres has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

I'd like to solve this issue ASAP, thanks.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @wolfyres to this issue.

[SYLVIANNORUKA]

@SYLVIANNORUKA has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Can I work on this pls ? I will Establish Bug Bounty Program & SECURITY.md

ℹ️ Repo Maintainers: To accept this application, review their application or assign @SYLVIANNORUKA to this issue.

[drips-wave]

Congratulations, @Aesdecodes! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @Aesdecodes: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[Sendi0011]

@Sendi0011 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Gm team, can i handle this?
ETA: 1 hour

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Sendi0011 to this issue.

[Chrisland58]

@Chrisland58 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hi maintainer I will like to work in this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Chrisland58 to this issue.